Bots Deployed to Attack PayPal Accounts | 2022
On the 20th of December, ‘PayPal’ dived in deep to investigate unauthorised access to customers' accounts and found that for two days straight (the 6th and 8th of December) hackers deployed bots to breach nearly 35,000 worth of PayPal accounts.
When a PayPal account has been breached, a lot can be at stake as the threat actors would have access to their victim’s addresses, dates of birth, social security numbers, tax identification numbers, transaction histories, and even access to a victim’s credit card details linked to PayPal.
"We have no information suggesting that any of your personal information was misused as a result of this incident, or that there are any unauthorized transactions on your account," reads PayPal's notification to impacted users.
"We reset the passwords of the affected PayPal accounts and implemented enhanced security controls that will require you to establish a new password the next time you log in to your account"
Threat actors achieve this feat by using PayPal data leaked online and programming bots to stuff the credentials (known as credential stuffing) into the PayPal login page until an account is accessed with the list provided.
PayPal has confirmed that the compromised accounts had not made any sort of transactions while in the threat actors hands and gave the compromised users a two-year free-of-charge service from ‘Equifax’ to monitor and protect previously hacked accounts to remedy the situation.
Click Here to view full article